What is a “Man-in-the-Middle” Attack?

Imagine you are talking to somebody and somebody steps up between you and starts listening. Rude, right? This is basically how a man-in-the-middle attack works.

The attacker is virtually stepping between you and the other party you are communicating with, with the intent of eavesdropping or of modifying the information. The difference is that you can’t see them.

MITM attacks are the first stage, that is to say, the attacker always has a goal for what they are going to do afterward. These attacks have been around since the very beginnings of the internet, and are likely to stay with us. (In some ways they’ve been around for longer – a tapped phone is also a man-in-the-middle attack).

How do MITM Attacks Work?

There are several ways in which hackers can achieve a “man-in-the-middle,” some of which are older and some are newer and more sophisticated.

Fake Wi-Fi networks. Airports are a common location for this venerable trick. It’s less common than it used to be, but it still happens. Always make sure that you confirm the identity of a public Wi-Fi network before connecting to it. Watch out for typosquatting (setting up a fake network one character away from the real one). This is sometimes called an Evil Twin.

Eavesdropping on unencrypted Wi-Fi. Unencrypted public networks are vulnerable to an attacker connecting to the network and then listening to traffic.

SSL stripping, which is where the attacker sets up a proper https connection to a website, but only HTTP to the user. You think you are connecting to a secure site, but you are not.

Compromised routing protocols. While much more sophisticated, some attackers can convince the internet they are in charge of certain IP addresses, routing them to the attacker.

DNS spoofing. By taking control of the DNS settings for a particular domain, they can make it look like you’re connecting to a legitimate website when you are not. This is often done in combination with website cloning, where attackers copy a legitimate site.

Fake cell phone towers, otherwise known as “Stingrays.” This is actually a common tactic for law enforcement and intelligence agencies, but stingray devices can be bought on the dark web.

Exploiting session management to gain access to file sharing.

Exploiting the often lower security of connected “Internet of Things” devices such as smart TVs, smart thermostats, etc. IoT devices have also been used to make botnets.

How Common Are They?

Man-in-the-middle attacks are relatively rare. It is often easier for hackers to achieve the same goals through phishing or installing malware on user devices.

They have become less popular as technologies such as https and the increased adoption of SSL has made them harder to perform. However, they have also become more sophisticated and often harder to detect.

What Do Hackers Achieve With MITM Attacks?

As mentioned, man-in-the-middle attacks tend to be a first phase, a way of gathering information for the real attack.

Acquire Google search data, which is another one that’s popular with law enforcement.

Gain access to users’ bank accounts.

Control conversations by altering what people are saying to each other.

How Can I Protect Myself from a MITM Attack?

Man-in-the-middle attacks can be hard for a consumer to deal with.

For example, it is very hard to detect DNS spoofing, especially combined with website cloning. However, there are a few things you can do:

Avoid evil twins by making sure you know the name of a public Wi-Fi network before connecting. Check that the name is exactly what the sign or the person you asked says. If you do find one, try to tell the staff at the restaurant or the customer service desk at the airport, as they may be able to shut it down or at least warn people.

Turn off the automatic connection to Wi-Fi networks on your laptop and, most especially, mobile devices. It may be convenient to have your phone connect to any open network it can find, but…

Properly control and encrypt your home Wi-Fi and make sure that you have changed the admin login from the default. Connecting to people’s routers happens. More common is wardriving, where hackers go around looking for open Wi-Fi networks that they can use to piggyback on, making it look like an attack comes from you, or to monitor network traffic.

Use public networks warily, and avoid sending any sensitive information over them.

Use secure email for sensitive purposes. It may be better to always use it, but as some systems require both people to sign up, this is not always possible.

Make sure that the padlock symbol on a website you are connecting to is closed before sending any personal information. Also, double check the domain name to avoid typosquatting. You can also consider using an extension such as https anywhere to encrypt as much website traffic as possible.

When possible, do financial transactions on a wired network on your own device.

Use a trustworthy VPN whenever you are connecting to the internet away from home. A VPN encrypts your data, meaning that attackers have to break the encryption to get your information. Likely, they will not try and move on to an easier target. Using a VPN is the best way to protect your privacy when you are away from home. Avoid free VPNs, as they often monitor your traffic then sell the data to advertisers.

Man-in-the-middle attacks are, fortunately, rare and are rarer than they used to be. However, anyone who sends sensitive information over the internet, which is now most of us, may be vulnerable. The absolute best way to protect yourself is to use a quality paid VPN.